by Seiji Iwasaki
Article filed in
Carpenters Benefit Funds of Philadelphia suffers HIPAA email breach
by Seiji Iwasaki
On August 31, 2018, Carpenters Benefit Funds of Philadelphia submitted a HIPAA Email Breach to the U.S. Department of Health and Human Services (HHS).
Based in Philadelphia, PA, Carpenters Benefit Funds of Philadelphia’s email breach affected 20,015 individuals’ protected health information.
Carpenters Benefit Funds of Philadelphia is classified as a Health Plan.
According to this report about Carpenters Benefit Funds of Philadelphia’s breach:
Carpenters Benefit Funds of Philadelphia is committed to maintaining the privacy and security of participant information. Carpenters Benefit Funds of Philadelphia said today that it has notified certain participants about a security incident involving a phishing scheme, which may have affected a limited number of Carpenters Benefit Funds of Philadelphia employees’ email boxes between April 23, 2018 and May 3, 2018. Upon learning of the situation, Carpenters Benefit Funds of Philadelphia promptly launched an investigation and engaged external cybersecurity professionals.
After devoting considerable time and resources to determine what exact information was contained in the affected employees’ email boxes, Carpenters Benefit Funds of Philadelphia discovered on July 17, 2018 that the email boxes contained certain participants’ information, including full names, addresses, health insurance information, bank account information, medical treatment information, driver’s license numbers and/or Social Security numbers. This incident did not affect all fund participants.
Carpenters Benefit Funds of Philadelphia is not aware of any reports of identity fraud or improper use of information as a direct result of this incident. Carpenters Benefit Funds of Philadelphia has mailed letters today to participants whose sensitive personal and health information was contained in the affected email inboxes.
…Carpenters Benefit Funds of Philadelphia has taken steps to minimize the risk of a similar incident in the future, including implementation of additional employee training and security measures.
HHS Wall of Shame
The HHS Wall of Shame is a website under the jurisdiction of HHS that lists all HIPAA breaches reported within the last 24 months. The Wall of Shame displays breaches that are currently under investigation by the Office for Civil Rights.
As part of section 13402(e)(4) of the HITECH Act, the HHS Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals.
HIPAA Breach Report
The Paubox HIPAA Breach Report analyzes breaches that affected 500 or more individuals as reported in the HHS Wall of Shame.